My brother's girlfriend's computer.

Thread in the Viruses and malware - HijackThis logs section. Thread started by infs on 30.11.2006.

Thread status:
The thread is closed.
  1. infs

    infs Member

    Joined:
    30.11.2006
    Posts:
    83
    Thanks:
    0
    Points:
    16
    Back at it once again.

    The machine's oddities:
    1) The Windows search program is somehow messed up: no text or search options appear in its window, and the window doesn't get any title either.
    2) The Windows built-in firewall simply cannot be "adjusted"; only an error window comes up complaining "tuntemattoman ongelman vuoksi windows ei voi näyttää windowsin palomuurin asetuksia" [ok]
    3) When scanning with SmitFraudFix, at the c:\WINDOWS\system32 folder it shows "CScript-virhe: Komentosarjan c:\WINDOWS\system32\GetValue.vbs Komentosarjamoduulia VBScript ei löydy"

    I'll put all the scan logs etc. here at three-minute intervals, since posting more often isn't allowed.

    eScan results:

    File C:\WINDOWS\system32\nfomon\nfo.ocx tagged as not-a-virus:AdWare.Win32.DelphinMediaViewer.c. No Action Taken.
    File C:\Documents and Settings\Anna-Maija\Työpöytä\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
    File C:\Program Files\Common Files\Uninstall Information\RemoveWebDP.exe tagged as not-a-virus:AdWare.Win32.DelphinMediaViewer.f. No Action Taken.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP90\A0004939.exe infected by "Trojan-Proxy.Win32.Wopla.ae" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP90\A0004957.exe infected by "Trojan-Downloader.Win32.Small.ctf" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP90\A0005966.exe infected by "Trojan-Downloader.Win32.Small.ctf" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP90\A0009041.EXE tagged as not-a-virus:AdWare.Win32.Maxifiles.aa. No Action Taken.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP90\A0009046.exe tagged as not-a-virus:AdWare.Win32.Maxifiles.aa. No Action Taken.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP90\A0009050.exe tagged as not-a-virus:AdWare.Win32.Softomate.z. No Action Taken.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP90\A0009051.DLL tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP90\A0009055.exe tagged as not-a-virus:AdWare.Win32.Softomate.z. No Action Taken.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP90\A0009056.DLL tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019159.exe tagged as not-a-virus:AdWare.Win32.Softomate.z. No Action Taken.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019160.dll tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019161.exe tagged as not-a-virus:AdWare.Win32.Softomate.z. No Action Taken.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019162.dll tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019163.exe tagged as not-a-virus:AdWare.Win32.Softomate.z. No Action Taken.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019164.dll tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019165.exe tagged as not-a-virus:AdWare.Win32.Softomate.z. No Action Taken.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019166.dll tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019167.exe tagged as not-a-virus:AdWare.Win32.Softomate.z. No Action Taken.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019168.dll tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019169.exe tagged as not-a-virus:AdWare.Win32.Softomate.z. No Action Taken.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019170.dll tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019171.exe tagged as not-a-virus:AdWare.Win32.Softomate.z. No Action Taken.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019172.dll tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019173.exe tagged as not-a-virus:AdWare.Win32.Softomate.z. No Action Taken.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019174.dll tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019175.exe tagged as not-a-virus:AdWare.Win32.Softomate.z. No Action Taken.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019176.dll tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP93\A0038004.exe infected by "Trojan-Downloader.Win32.Small.ctf" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP94\A0038096.exe infected by "Trojan-Downloader.Win32.Agent.bca" Virus. Action Taken: File Deleted.
    File C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP94\A0038097.exe infected by "Trojan-Downloader.Win32.Agent.bca" Virus. Action Taken: File Deleted.
    File C:\korjausta\SmitfraudFix.zip tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
    File C:\korjausta\SmitfraudFix\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.

     
  3. infs

    infs Member

    ComboFix:

    Anna-Maija - 06-12-09 22:11:42,07 Service Pack 2
    ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Anna-Maija\Työpöytä"

    ((((((((((((((((((((((((((((((( Files Created from 2006-11-09 to 2006-12-09 ))))))))))))))))))))))))))))))))))


    2006-12-09 21:21 <KANSIO> d-------- C:\!KillBox
    2006-12-08 11:17 <KANSIO> d-------- C:\WINDOWS\pss
    2006-12-08 03:39 87,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2006-12-08 03:39 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2006-12-08 03:39 36,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2006-12-08 03:39 24,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2006-12-08 03:39 16,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2006-12-08 03:38 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2006-12-08 03:38 666,240 --a------ C:\WINDOWS\system32\aswBoot.exe
    2006-12-08 02:13 106 --a------ C:\delete.bat
    2006-12-08 00:22 <KANSIO> d-------- C:\Kaspersky
    2006-12-08 00:22 <KANSIO> d-------- C:\Downloads
    2006-12-08 00:22 <KANSIO> d-------- C:\Bases
    2006-12-07 21:56 <KANSIO> d-------- C:\VundoFix Backups
    2006-12-07 21:12 <KANSIO> d-------- C:\avenger
    2006-12-07 21:08 <KANSIO> d-------- C:\Rustbfix
    2006-12-07 20:53 <KANSIO> d--hs---- C:\FOUND.008
    2006-12-07 20:06 4,506 --a------ C:\WINDOWS\system32\tmp.reg
    2006-12-07 20:05 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
    2006-12-07 20:05 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2006-12-07 20:05 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2006-12-07 20:05 40,960 --a------ C:\WINDOWS\system32\swsc.exe
    2006-12-07 20:05 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2006-12-07 20:05 135,168 --a------ C:\WINDOWS\system32\swreg.exe
    2006-12-07 19:14 <KANSIO> d-------- C:\WINDOWS\system32\ZoneLabs
    2006-12-07 19:14 <KANSIO> d-------- C:\Program Files\Zone Labs
    2006-12-07 19:13 <KANSIO> d-------- C:\WINDOWS\Internet Logs
    2006-12-07 17:09 <KANSIO> d--hs---- C:\FOUND.007
    2006-12-07 16:51 <KANSIO> d--h----- C:\WINDOWS\system32\nfomon
    2006-12-07 16:51 <KANSIO> d--h----- C:\Documents and Settings\All Users\Application Data\nfo
    2006-12-07 16:50 <KANSIO> d--h----- C:\WINDOWS\system32\vidmon
    2006-12-07 16:50 <KANSIO> d--h----- C:\Program Files\Common Files\Uninstall Information
    2006-12-07 16:50 <KANSIO> d--h----- C:\Documents and Settings\All Users\Application Data\vidmon
    2006-12-07 16:46 <KANSIO> d--hs---- C:\FOUND.006
    2006-12-07 16:44 <KANSIO> d-------- C:\korjausta
    2006-12-07 15:26 <KANSIO> d-------- C:\HijackThis
    2006-12-05 22:15 <KANSIO> d--hs---- C:\Config.Msi
    2006-12-02 21:32 <KANSIO> d--hs---- C:\FOUND.005
    2006-12-01 11:23 <KANSIO> d--hs---- C:\FOUND.004
    2006-12-01 11:14 <KANSIO> d--hs---- C:\FOUND.003
    2006-12-01 11:07 <KANSIO> d--hs---- C:\FOUND.002
    2006-11-30 19:29 1,617 --a------ C:\Documents and Settings\Anna-Maija\jsetup.exe
    2006-11-29 21:43 <KANSIO> d--hs---- C:\FOUND.001
    2006-11-29 21:43 <KANSIO> d-------- C:\WINDOWS\Minidump
    2006-11-22 20:24 <KANSIO> d-------- C:\Documents and Settings\Anna-Maija\Application Data\DivX
    2006-11-22 20:22 <KANSIO> d-------- C:\Program Files\DivX
    2006-11-20 22:30 <KANSIO> d-------- C:\WINDOWS\Sun
    2006-11-20 22:30 <KANSIO> d-------- C:\Documents and Settings\Anna-Maija\Application Data\Sun
    2006-11-20 22:29 <KANSIO> d-------- C:\Program Files\Java
    2006-11-20 22:26 <KANSIO> d-------- C:\Program Files\Common Files\Java
    2006-11-13 16:50 <KANSIO> d-------- C:\Program Files\Alwil Software


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-11-06 11:34 0 -rahs---- C:\MSDOS.SYS
    2006-11-06 11:34 0 -rahs---- C:\IO.SYS
    2006-10-13 14:37 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
    2006-10-02 21:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2006-10-02 21:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2006-10-02 21:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2006-10-02 21:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
    2006-09-13 08:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "preload"="C:\\Windows\\RUNXMLPL.exe"
    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
    "SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "SoundMan"="SOUNDMAN.EXE"
    "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
    "LaunchAp"="\"C:\\Program Files\\Launch Manager\\LaunchAp.exe\""
    "PowerKey"="\"C:\\Program Files\\Launch Manager\\PowerKey.exe\""
    "LManager"="\"C:\\Program Files\\Launch Manager\\HotkeyApp.exe\""
    "CtrlVol"="\"C:\\Program Files\\Launch Manager\\CtrlVol.exe\""
    "LMgrOSD"="\"C:\\Program Files\\Launch Manager\\OSDCtrl.exe\""
    "Wbutton"="\"C:\\Program Files\\Launch Manager\\Wbutton.exe\""
    "EPM-DM"="c:\\acer\\Empowering Technology\\ePower\\epm-dm.exe"
    "Acer ePower Management"="C:\\Acer\\Empowering Technology\\ePower\\Acer ePower Management.exe boot"
    "eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
    "ADMTray.exe"="\"C:\\Acer\\Empowering Technology\\admtray.exe\""
    "eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"
    "mmtask"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
    "IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
    "Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    @=""
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    @=""
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    @=""
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000000

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="igfxtray"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="IMJPMIG"
    "hkey"="HKLM"
    "command"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mm_tray"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ImScInst"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    Completion time: 06-12-09 22:12:16.79
    C:\ComboFix2.txt ... 06-12-09 20:49
    C:\ComboFix.txt ... 06-12-09 22:12
    C:\ComboFix3.txt ... 06-12-08 12:06
     
  4. infs

    infs Member

    SmitFraudFix:


    SmitFraudFix v2.128

    Scan done at 22:17:44,92, la 09.12.2006
    Run from C:\Documents and Settings\Anna-Maija\Työpöytä\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    The filesystem type is FAT32
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Anna-Maija


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Anna-Maija\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»»


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components


     
  5. infs

    infs Member

    And finally HjT:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:08:17, on 8.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Acer\Empowering Technology\admServ.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\PowerKey.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\acer\Empowering Technology\ePower\epm-dm.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\HijackThis\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
    O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0F2F3121-75E2-4C60-9977-C1ADC3D5F3DC} (IFIUploader Control) - http://web1.ifi.fi/WebUpload/ActiveX/IfiUploader.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

     
  6. infs

    infs Member

    Oh, and one more nice little thing: Media Player doesn't work either =/
    It complains "Sisäinen Sovellusvirhe".

    Could it be that the viruses have eaten something out of Windows?

    Can I still try some tricks on it? Format c:?
     
  7. Hujo

    Hujo Guest

    Instructions for using AVG Anti-Spyware 7.5
    Note! In these instructions the real-time protection (Shield) is turned off. This avoids situations where the protection would block, for example, the HijackThis tool from working.

    Save these instructions to a text file or print them; otherwise you won't be able to access them from safe mode.

    Download AVG Anti-Spyware 7.5 from http://www.ewido.net/en/download/
    and save the program to your desktop.
    • Once you have downloaded the program, double-click the installer's icon on your desktop; the installation starts.
    • After installation, the program must be started and its definitions updated.
    • Start AVG Anti-Spyware.
    • Click the "Update" icon in the main menu. Then click the "Update now" button.

    o Then click the "Start Update" icon, and the update begins.

    • When the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
    • When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
    • Then, under the "Reports" menu:

    o Tick "Automatically generate report after every scan"
    o Untick "Only if threats were found"

    • Then click the "Shield" icon at the top of the window
    • "Resident shield is": change the state from active to inactive
    • Close the program; do NOT scan yet.
    Start your computer in safe mode:

    shut down and start up
    during startup, tap F8
    select safe mode with the arrow keys
    press Enter and Enter

    NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
    • Once in safe mode, start AVG Anti-Spyware.
    • Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
    • Ewido now starts scanning the computer; be patient, as the scan takes time.

    When the scan is finished:
    IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
    • Make sure that Set all elements to: shows Quarantine (1); if not, click the link and select Quarantine from the popup menu.
    • You will be asked what to do if infections were found; select "Apply all actions" then

    • Then click the "Reports" icon at the top of the program.
    • Click the "Save report as" button in the lower left corner of the window and save the report to the desktop.
    • Close the program, start the computer normally and post the AVG report to your thread.
     
  8. Hujo

    Hujo Guest

    Here's my opinion.
    When the Windows OS starts acting up like that, I would do the format.
     
  9. infs

    infs Member

    Well, I'll keep puzzling over this through Sunday, but on Monday it gets formatted.
    AVG report and HjT as well:



    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 6:08:17 10.12.2006

    + Scan result:



    HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj.1 -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj\CLSID -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj\CurVer -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\VCCPGDATAACCESS.PgDataAccessCtrl.1 -> Adware.Delfin : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Uninstall Information\RemoveWebDP.exe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\nfomon\nfo.ocx -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP90\A0009041.EXE -> Adware.Maxifiles : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP90\A0009046.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP90\A0009050.exe -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP90\A0009051.DLL -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP90\A0009055.exe -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP90\A0009056.DLL -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019159.exe -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019160.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019161.exe -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019162.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019163.exe -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019164.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019165.exe -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019166.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019167.exe -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019168.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019169.exe -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019170.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019171.exe -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019172.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019173.exe -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019174.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019175.exe -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019176.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP91\A0019103.rbf.mwt -> Backdoor.MSNMaker.ab : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4CA1FCC9-8A05-421B-B5B7-50DAE9EC9BAF}\RP93\A0037659.SYS.mwt -> Rootkit.Agent.cf : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\NTIO256.SYS.mwt -> Rootkit.Agent.cf : Cleaned with backup (quarantined).
    C:\Documents and Settings\Anna-Maija\Cookies\anna-maija@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
    C:\Documents and Settings\Anna-Maija\Cookies\anna-maija@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\Anna-Maija\Cookies\anna-maija@com[1].txt -> TrackingCookie.Com : Cleaned.
    C:\Documents and Settings\Anna-Maija\Cookies\anna-maija@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\Anna-Maija\Cookies\anna-maija@ehg-talentumoyi.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Anna-Maija\Cookies\anna-maija@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
    C:\Documents and Settings\Anna-Maija\Cookies\anna-maija@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\Anna-Maija\Cookies\anna-maija@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\Documents and Settings\Anna-Maija\Cookies\anna-maija@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
    C:\Documents and Settings\Anna-Maija\Cookies\anna-maija@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
    C:\Documents and Settings\Anna-Maija\Cookies\anna-maija@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Anna-Maija\Cookies\anna-maija@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
    C:\Documents and Settings\Anna-Maija\Cookies\anna-maija@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.


    ::Report end

    Logfile of HijackThis v1.99.1
    Scan saved at 6:21:51, on 10.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Acer\Empowering Technology\admServ.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\PowerKey.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\acer\Empowering Technology\ePower\epm-dm.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\HijackThis\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
    O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0F2F3121-75E2-4C60-9977-C1ADC3D5F3DC} (IFIUploader Control) - http://web1.ifi.fi/WebUpload/ActiveX/IfiUploader.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

     
  10. Hujo

    Hujo Guest

    Step 1

    Download findlop ->
    http://metallica.geekstogo.com/findlop.zip

    Unzip it and double-click findlop.bat
    The log will be at C:\findlop.txt. Also post a new HjT log.


    Step 2

    Download CWShredder
    http://cwshredder.net/bin/CWShredder.exe
    and save it to the desktop

    - Scan the computer with CWShredder: remember to close the browser and all other windows before you use CWShredder.
    - Press the Fix--> button.
    - Answer OK to the program's prompts.
    - Once the program has gone through the items, press the Next--> button.
    - The final summary is shown after this.
    - After the cleanup, restart the computer.

    Post the CWShredder report.

    Step 3

    Create an uninstall list:
    • Open HijackThis
    • Click the "Configure" option at the bottom right
    • Click "Misc Tools"
    • Click the box that says "Uninstall Manager"
    • Click the "Save list" option
    • Copy and paste the list from Notepad into your post

    Step 4

    Download Silent Runners http://www.silentrunners.org/Silent Runners.vbs

    • Save the program to your desktop.
    • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
    • A text file appears on your desktop - the scan is not finished yet, let the program do its work
    (it looks as if the program is doing nothing!)
    • When you get the "All Done!" message, double-click the new text file on your desktop, then copy and paste the whole log here
    *NOTE* If you are warned about running scripts, allow it to run.
     
    Last edited by a moderator: 10.12.2006
  11. infs

    infs Member

    Step 1:

    Findlop log:

    [TRACE] Enumerating jobs and queues

    --------

    HjT:

    Logfile of HijackThis v1.99.1
    Scan saved at 14:19:14, on 10.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Acer\Empowering Technology\admServ.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\PowerKey.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\acer\Empowering Technology\ePower\epm-dm.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\HijackThis\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
    O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0F2F3121-75E2-4C60-9977-C1ADC3D5F3DC} (IFIUploader Control) - http://web1.ifi.fi/WebUpload/ActiveX/IfiUploader.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

     
  12. infs

    infs Member

    Step 2

    CWS was not found on the system. This is the report I got out of it:

    **** Run Keys ****

    RUN: [preload] C:\Windows\RUNXMLPL.exe
    RUN: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    RUN: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    RUN: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    RUN: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    RUN: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    RUN: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    RUN: [SoundMan] SOUNDMAN.EXE
    RUN: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    RUN: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    RUN: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
    RUN: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    RUN: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    RUN: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    RUN: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    RUN: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
    RUN: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
    RUN: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    RUN: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
    RUN: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    RUN: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    RUN: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    RUN: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    RUN: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    RUN: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    RUN: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    RUN: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    RUN: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    RUN: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R


    **** Browser Helper Objects ****

    BHO: [AcroIEHlprObj Class] C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    BHO: [SSVHelper Class] C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll


    **** IE Toolbars ****

    TOOLBAR: [Acer eDataSecurity Management] C:\WINDOWS\system32\ToolBand.dll


    **** IE Extensions ****

    IEExt: []
    IEExt: [Oheistiedot]
    IEExt: [Messenger] C:\Program Files\Messenger\msmsgs.exe


    **** Hosts File Entries ****

    HOSTS: 127.0.0.1 localhost
    HOSTS: 127.0.0.1 localhost


    **** IE Settings ****

    Default Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default Search: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Local Page: C:\windows\system32\blank.htm
    Search Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch


    **** IE Context Menu (Right click) ****

    IEContext: [&Sample Toolband Serach] res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
    IEContext: [Vie Microsoft E&xceliin] res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000


    **** Layered Service Providers ****

    LSP: MSAFD Tcpip [TCP/IP]
    LSP: MSAFD Tcpip [UDP/IP]
    LSP: RSVP UDP Service Provider
    LSP: RSVP TCP Service Provider
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8DFBD875-A3FA-4D9B-A8C3-94F90EC949B3}] SEQPACKET 1
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8DFBD875-A3FA-4D9B-A8C3-94F90EC949B3}] DATAGRAM 1
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A5890713-93D0-4F61-B0AF-84E7375ACEAD}] SEQPACKET 0
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A5890713-93D0-4F61-B0AF-84E7375ACEAD}] DATAGRAM 0
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D5BF2D60-AFE1-4AF6-8B76-CC2B52C20719}] SEQPACKET 2
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D5BF2D60-AFE1-4AF6-8B76-CC2B52C20719}] DATAGRAM 2
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7F299712-D7F9-4D00-8F0E-22061C9A492F}] SEQPACKET 3
    LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7F299712-D7F9-4D00-8F0E-22061C9A492F}] DATAGRAM 3


    **** Blocked Control Panel Items ****

    BLOCKED: [ncpa.cpl] No
    BLOCKED: [odbccp32.cpl] No


    **** Downloaded Program Files ****

    {0F2F3121-75E2-4C60-9977-C1ADC3D5F3DC} [http://web1.ifi.fi/WebUpload/ActiveX/IfiUploader.cab] C:\WINDOWS\Downloaded Program Files\IFIUploader.ocx
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586-jc.cab]
    {9F1C11AA-197B-4942-BA54-47A8489BB47F} [http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?39060.853125] C:\WINDOWS\system32\iuctl.dll
    {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab]
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab]
    {D27CDB6E-AE6D-11CF-96B8-444553540000} [http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab]


    **** Windows Services ****

    [Alerter] %SystemRoot%\system32\svchost.exe -k LocalService
    [ALG] %SystemRoot%\System32\alg.exe
    [AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
    [aswUpdSv] "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
    [AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
    [avast! Antivirus] "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
    [avast! Mail Scanner] "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
    [avast! Web Scanner] "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
    [AVG Anti-Spyware Guard] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    [AWService] "C:\Acer\Empowering Technology\admServ.exe"
    [BITS] %SystemRoot%\system32\svchost.exe -k netsvcs
    [Browser] %SystemRoot%\system32\svchost.exe -k netsvcs
    [CiSvc] %SystemRoot%\system32\cisvc.exe
    [ClipSrv] %SystemRoot%\system32\clipsrv.exe
    [COMSysApp] C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    [Creative Service for CDROM Access] C:\WINDOWS\system32\CTsvcCDA.EXE
    [CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
    [DcomLaunch] %SystemRoot%\system32\svchost -k DcomLaunch
    [Dhcp] %SystemRoot%\system32\svchost.exe -k netsvcs
    [dmadmin] %SystemRoot%\System32\dmadmin.exe /com
    [dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
    [Dnscache] %SystemRoot%\system32\svchost.exe -k NetworkService
    [ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
    [Eventlog] %SystemRoot%\system32\services.exe
    [EventSystem] C:\WINDOWS\system32\svchost.exe -k netsvcs
    [FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
    [Fax] %systemroot%\system32\fxssvc.exe
    [helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
    [HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
    [HTTPFilter] %SystemRoot%\System32\svchost.exe -k HTTPFilter
    [ImapiService] C:\WINDOWS\system32\imapi.exe
    [lanmanserver] %SystemRoot%\system32\svchost.exe -k netsvcs
    [lanmanworkstation] %SystemRoot%\system32\svchost.exe -k netsvcs
    [LmHosts] %SystemRoot%\system32\svchost.exe -k LocalService
    [MDM] "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
    [Messenger] %SystemRoot%\system32\svchost.exe -k netsvcs
    [mnmsrvc] C:\WINDOWS\system32\mnmsrvc.exe
    [MSDTC] C:\WINDOWS\system32\msdtc.exe
    [MSIServer] C:\WINDOWS\system32\msiexec.exe /V
    [NetDDE] %SystemRoot%\system32\netdde.exe
    [NetDDEdsdm] %SystemRoot%\system32\netdde.exe
    [Netlogon] %SystemRoot%\system32\lsass.exe
    [Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
    [Nla] %SystemRoot%\system32\svchost.exe -k netsvcs
    [NtLmSsp] %SystemRoot%\system32\lsass.exe
    [NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
    [ose] "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    [PlugPlay] %SystemRoot%\system32\services.exe
    [PolicyAgent] %SystemRoot%\system32\lsass.exe
    [ProtectedStorage] %SystemRoot%\system32\lsass.exe
    [RasAuto] %SystemRoot%\system32\svchost.exe -k netsvcs
    [RasMan] %SystemRoot%\system32\svchost.exe -k netsvcs
    [RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
    [RemoteAccess] %SystemRoot%\system32\svchost.exe -k netsvcs
    [RpcLocator] %SystemRoot%\system32\locator.exe
    [RpcSs] %SystemRoot%\system32\svchost -k rpcss
    [RSVP] %SystemRoot%\system32\rsvp.exe
    [SamSs] %SystemRoot%\system32\lsass.exe
    [SCardSvr] %SystemRoot%\System32\SCardSvr.exe
    [Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
    [seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
    [SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
    [ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
    [Spooler] %SystemRoot%\system32\spoolsv.exe
    [srservice] %SystemRoot%\system32\svchost.exe -k netsvcs
    [SSDPSRV] %SystemRoot%\system32\svchost.exe -k LocalService
    [stisvc] %SystemRoot%\system32\svchost.exe -k imgsvc
    [SwPrv] C:\WINDOWS\system32\dllhost.exe /Processid:{9968C4D3-0826-4226-B699-5EAE6B54C873}
    [SysmonLog] %SystemRoot%\system32\smlogsvc.exe
    [TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
    [TermService] %SystemRoot%\System32\svchost -k DComLaunch
    [Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
    [TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
    [UMWdf] C:\WINDOWS\system32\wdfmgr.exe
    [upnphost] %SystemRoot%\system32\svchost.exe -k LocalService
    [UPS] %SystemRoot%\System32\ups.exe
    [vsmon] C:\WINDOWS\system32\ZONELABS\vsmon.exe -service
    [VSS] %SystemRoot%\System32\vssvc.exe
    [W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
    [WebClient] %SystemRoot%\system32\svchost.exe -k LocalService
    [winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
    [WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
    [WmiApSrv] C:\WINDOWS\system32\wbem\wmiapsrv.exe
    [wscsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
    [wuauserv] %systemroot%\system32\svchost.exe -k netsvcs
    [WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
    [xmlprov] %SystemRoot%\System32\svchost.exe -k netsvcs


    **** Custom IE Search Items ****

    SEARCH: [SearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    SEARCH: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch


    **** Complete IE Options ****

    IEOPT: [NoUpdateCheck]
    IEOPT: [NoJITSetup]
    IEOPT: [Disable Script Debugger] no
    IEOPT: [Show_ChannelBand] No
    IEOPT: [Anchor Underline] yes
    IEOPT: [Cache_Update_Frequency] Once_Per_Session
    IEOPT: [Display Inline Images] yes
    IEOPT: [Do404Search]
    IEOPT: [Local Page] C:\windows\system32\blank.htm
    IEOPT: [Save_Session_History_On_Exit] no
    IEOPT: [Show_FullURL] no
    IEOPT: [Show_StatusBar] yes
    IEOPT: [Show_ToolBar] yes
    IEOPT: [Show_URLinStatusBar] yes
    IEOPT: [Show_URLToolBar] yes
    IEOPT: [Start Page] http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    IEOPT: [Use_DlgBox_Colors] yes
    IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IEOPT: [FullScreen] no
    IEOPT: [Window_Placement] ,
    IEOPT: [NotifyDownloadComplete] yes
    IEOPT: [Use FormSuggest] yes
    IEOPT: [AddToFavoritesExpanded]
    IEOPT: [FormSuggest PW Ask] no
    IEOPT: [Save Directory] F:\
    IEOPT: [Enable Browser Extensions] Yes
    IEOPT: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IEOPT: [Use Custom Search URL]
    IEOPT: [Default_Page_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    IEOPT: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IEOPT: [Enable_Disk_Cache] yes
    IEOPT: [Cache_Percent_of_Disk]
    IEOPT: [Delete_Temp_Files_On_Exit] yes
    IEOPT: [Local Page] C:\windows\system32\blank.htm
    IEOPT: [Anchor_Visitation_Horizon]
    IEOPT: [Use_Async_DNS] yes
    IEOPT: [Placeholder_Width]
    IEOPT: [Placeholder_Height]
    IEOPT: [Start Page] http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    IEOPT: [CompanyName] Microsoft Corporation
    IEOPT: [Custom_Key] MICROSO
    IEOPT: [Wizard_Version] 6.0.2600.0000
    IEOPT: [FullScreen] no
    IEOPT: [Placeholder_Datasl]
     
  13. infs

    infs Member

    Step 3

    HjT uninstall list:

    Acer eDataSecurity Management 1.00.21
    Acer eLock Management
    Acer Empowering Technology framework
    Acer ePerformance Management
    Acer ePower Management
    Acer ePresentation Management
    Acer eSettings Management
    Acer GridVista
    Adobe Flash Player 9 ActiveX
    Adobe Reader 7.0
    avast! Antivirus
    AVG Anti-Spyware 7.5
    Canon Camera Support Core Library
    Canon Camera Window for ZoomBrowser EX
    Canon Internet Library for ZoomBrowser EX
    Canon MovieEdit Task for ZoomBrowser EX
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities PhotoStitch 3.1
    Canon Utilities ZoomBrowser EX
    ccCommon
    Creative Jukebox Driver
    Creative MediaSource
    Creative Removable Disk Manager
    Creative System Information
    Creative Zen Micro
    DC++ 0.698
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    Fotobook Design-Center 6
    HijackThis 1.99.1
    Intel(R) Graphics Media Accelerator Driver for Mobile
    J2SE Runtime Environment 5.0 Update 9
    Launch Manager V1.0.9.3
    Microsoft Office Standard Edition 2003
    Mozilla Firefox (2.0)
    Musicmatch® Jukebox
    NetAnttila Fotopalvelu
    Norton AntiVirus Help
    Norton AntiVirus Parent MSI
    Norton WMI Update
    NTI Backup NOW! 4
    NTI CD & DVD-Maker
    PowerDVD
    Päivitys Windows XP:lle (KB894391)
    Päivitys Windows XP:lle (KB898461)
    Päivitys Windows XP:lle (KB900485)
    Päivitys Windows XP:lle (KB908531)
    Päivitys Windows XP:lle (KB910437)
    Päivitys Windows XP:lle (KB911280)
    Päivitys Windows XP:lle (KB916595)
    Päivitys Windows XP:lle (KB920872)
    Päivitys Windows XP:lle (KB922582)
    Realtek AC'97 Audio
    Skype 2.5
    Soft Data Fax Modem with SmartCP
    SoftV90 Data Fax Modem with SmartCP
    Suojauspäivitys Windows Media Player 9:lle (KB911565)
    Suojauspäivitys Windows Media Player 9:lle (KB917734)
    Suojauspäivitys Windows Media Playerille (KB911564)
    Suojauspäivitys Windows XP:lle (KB890046)
    Suojauspäivitys Windows XP:lle (KB893756)
    Suojauspäivitys Windows XP:lle (KB896358)
    Suojauspäivitys Windows XP:lle (KB896422)
    Suojauspäivitys Windows XP:lle (KB896423)
    Suojauspäivitys Windows XP:lle (KB896424)
    Suojauspäivitys Windows XP:lle (KB896428)
    Suojauspäivitys Windows XP:lle (KB899587)
    Suojauspäivitys Windows XP:lle (KB899591)
    Suojauspäivitys Windows XP:lle (KB900725)
    Suojauspäivitys Windows XP:lle (KB901017)
    Suojauspäivitys Windows XP:lle (KB901190)
    Suojauspäivitys Windows XP:lle (KB901214)
    Suojauspäivitys Windows XP:lle (KB902400)
    Suojauspäivitys Windows XP:lle (KB904706)
    Suojauspäivitys Windows XP:lle (KB905414)
    Suojauspäivitys Windows XP:lle (KB905749)
    Suojauspäivitys Windows XP:lle (KB908519)
    Suojauspäivitys Windows XP:lle (KB911562)
    Suojauspäivitys Windows XP:lle (KB911567)
    Suojauspäivitys Windows XP:lle (KB911927)
    Suojauspäivitys Windows XP:lle (KB912812)
    Suojauspäivitys Windows XP:lle (KB912919)
    Suojauspäivitys Windows XP:lle (KB913446)
    Suojauspäivitys Windows XP:lle (KB913580)
    Suojauspäivitys Windows XP:lle (KB914388)
    Suojauspäivitys Windows XP:lle (KB914389)
    Suojauspäivitys Windows XP:lle (KB916281)
    Suojauspäivitys Windows XP:lle (KB917159)
    Suojauspäivitys Windows XP:lle (KB917344)
    Suojauspäivitys Windows XP:lle (KB917422)
    Suojauspäivitys Windows XP:lle (KB917953)
    Suojauspäivitys Windows XP:lle (KB918439)
    Suojauspäivitys Windows XP:lle (KB918899)
    Suojauspäivitys Windows XP:lle (KB919007)
    Suojauspäivitys Windows XP:lle (KB920213)
    Suojauspäivitys Windows XP:lle (KB920214)
    Suojauspäivitys Windows XP:lle (KB920670)
    Suojauspäivitys Windows XP:lle (KB920683)
    Suojauspäivitys Windows XP:lle (KB920685)
    Suojauspäivitys Windows XP:lle (KB921398)
    Suojauspäivitys Windows XP:lle (KB921883)
    Suojauspäivitys Windows XP:lle (KB922616)
    Suojauspäivitys Windows XP:lle (KB922760)
    Suojauspäivitys Windows XP:lle (KB922819)
    Suojauspäivitys Windows XP:lle (KB923191)
    Suojauspäivitys Windows XP:lle (KB923414)
    Suojauspäivitys Windows XP:lle (KB923980)
    Suojauspäivitys Windows XP:lle (KB924191)
    Suojauspäivitys Windows XP:lle (KB924270)
    Suojauspäivitys Windows XP:lle (KB924496)
    Suojauspäivitys Windows XP:lle (KB925486)
    Symantec
    Symantec Script Blocking Installer
    SymNet
    Synaptics Pointing Device Driver
    The Settlers III Gold Edition
    WebDP 2.07
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    ZoneAlarm

     
  14. infs

    infs Member

    Step 4

    When starting Silent Runners, a Windows Script Host error window appears. The error message:

    Komentosarjan C:\Documents and Settings\Anna-Maija\Työpöytä\Silent Runners.vbs komentosarjamoduulia VBScript ei löydy.
    [ok]
     
  15. Hujo

    Hujo Guest

    If that's what it's stuck on
    Link
     
  16. infs

    infs Member

    Well, now here is the Silent Runners output =)

    "Silent Runners.vbs", revision 49, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
    "Creative Detector" = "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R" ["Creative Technology Ltd"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "preload" = "C:\Windows\RUNXMLPL.exe" ["Wistron"]
    "PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
    "PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
    "igfxhkcmd" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
    "igfxpers" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
    "SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
    "SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
    "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
    "RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
    "LaunchAp" = ""C:\Program Files\Launch Manager\LaunchAp.exe"" [empty string]
    "PowerKey" = ""C:\Program Files\Launch Manager\PowerKey.exe"" [empty string]
    "LManager" = ""C:\Program Files\Launch Manager\HotkeyApp.exe"" ["Wistron"]
    "CtrlVol" = ""C:\Program Files\Launch Manager\CtrlVol.exe"" ["Wistron"]
    "LMgrOSD" = ""C:\Program Files\Launch Manager\OSDCtrl.exe"" [empty string]
    "Wbutton" = ""C:\Program Files\Launch Manager\Wbutton.exe"" [empty string]
    "EPM-DM" = "c:\acer\Empowering Technology\ePower\epm-dm.exe" ["Acer Inc"]
    "Acer ePower Management" = "C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot" ["Acer Value Labs, Taiwan"]
    "eRecoveryService" = "C:\Acer\Empowering Technology\eRecovery\Monitor.exe" ["acer Inc."]
    "ADMTray.exe" = ""C:\Acer\Empowering Technology\admtray.exe"" ["Avocent Inc."]
    "eDataSecurity Loader" = "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [null data]
    "mmtask" = ""C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"" ["Musicmatch Inc."]
    "IntelliPoint" = ""C:\Program Files\Microsoft IntelliPoint\point32.exe"" [MS]
    "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."]
    "Zone Labs Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
    "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
    "MMTray" = ""C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"" ["Musicmatch, Inc."]
    "!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
    "Regsister WScript" = "wscript -regserver" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "AcroIEHlprObj Class"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "SSVHelper Class"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL -laajennus"
    -> {HKLM...CLSID} = "Display Panning CPL -laajennus"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal-kuvakkeen tunniste"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
    "{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
    "{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0}" = "EPM-PO Shell Extension"
    -> {HKLM...CLSID} = "EPM-PO Shell Extensions"
    \InProcServer32\(Default) = "epm-po.dll" ["Acer Labs USA"]
    "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
    -> {HKLM...CLSID} = "Microsoft Office Outlook"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
    -> {HKLM...CLSID} = "Outlookin tiedoston kuvakkeen tunniste"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
    "{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page"
    -> {HKLM...CLSID} = "Wireless Property Page"
    \InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"" [MS]
    "{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page"
    -> {HKLM...CLSID} = "Wheel Property Page"
    \InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"" [MS]
    "{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page"
    -> {HKLM...CLSID} = "Activities Property Page"
    \InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplact.dll"" [MS]
    "{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page"
    -> {HKLM...CLSID} = "Buttons Property Page"
    \InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"" [MS]
    "{BF05BB6E-442C-428B-8025-82280B7BC26C}" = "Zen Micro Media Explorer"
    -> {HKLM...CLSID} = "Zen Micro Media Explorer"
    \InProcServer32\(Default) = "C:\Program Files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll" ["Creative Technology Ltd"]
    "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
    -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    <<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
    -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    <<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]

    HKLM\Software\Classes\PROTOCOLS\Filter\
    <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
    -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
    -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
    AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
    -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
    EDSshellExt\(Default) = "{29FF7AB0-BE34-4992-A30B-53A9D86EE239}"
    -> {HKLM...CLSID} = "eDSshlExt Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\eDSshellExt.dll" ["HiTRUST"]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
    -> {HKLM...CLSID} = "CContextScan Object"
    \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
    EDSshellExt\(Default) = "{29FF7AB0-BE34-4992-A30B-53A9D86EE239}"
    -> {HKLM...CLSID} = "eDSshlExt Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\eDSshellExt.dll" ["HiTRUST"]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
    -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]


    Group Policies {policy setting}:
    --------------------------------

    Note: detected settings may not have any effect.

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    "NoCDBurning" = (REG_DWORD) hex:0x00000000
    {unrecognized setting}

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "DisableRegistryTools" = (REG_DWORD) hex:0x00000000
    {Prevent access to registry editing tools}

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Shutdown: Allow system to be shut down without having to log on}

    "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Devices: Allow undock without having to log on}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\Anna-Maija\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssmarque.scr" [MS]


    Startup items in "Anna-Maija" & "All Users" startup folders:
    ------------------------------------------------------------

    C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys
    "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
    "{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}"
    -> {HKLM...CLSID} = "Acer eDataSecurity Management"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ToolBand.dll" ["HiTRUST"]

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}"
    -> {HKLM...CLSID} = "Acer eDataSecurity Management"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ToolBand.dll" ["HiTRUST"]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}" = (no title provided)
    -> {HKLM...CLSID} = "Acer eDataSecurity Management"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ToolBand.dll" ["HiTRUST"]

    Explorer Bars

    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

    HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Oheistiedot"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Sun Java Console"
    "CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"
    -> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
    -> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]

    {92780B25-18CC-41C8-B9BE-3C9C571A8263}\
    "ButtonText" = "Oheistiedot"

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Windows Messenger"
    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    AdminWorks Agent X6, AWService, ""C:\Acer\Empowering Technology\admServ.exe"" ["Avocent Inc."]
    avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
    avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
    avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
    avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
    AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]
    Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.EXE" ["Creative Technology Ltd"]
    Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
    TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZONELABS\vsmon.exe -service" ["Zone Labs, LLC"]
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
    Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


    ----------
    <<!>>: Suspicious data at a malware launch point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points, use the -supp parameter or answer "No" at the
    first message box and "Yes" at the second message box.
    ---------- (total run time: 47 seconds, including 18 seconds for message boxes)
     
  17. Hujo

    Hujo Guest

    Nothing in that catches my eye.

    1. Click Start > right-click My Computer
    2. Select Properties
    3. Select the System Restore tab
    4. Tick the box ¤ Turn off System Restore on all drives
    5. Press Apply
    6. Press OK
    7. Shut down and restart
    8. Untick the box ¤ Turn off System Restore on all drives
    9. Apply and OK


    After that, also run this:

    Download from http://www.ccleaner.com/download/builds.aspx
    CCleaner v1.34.407 - Basic, which does NOT include the Yahoo toolbar!

    Set the options like this:
    Options --> Advanced --> untick "Only delete temporary files older than 48 hours".

    Run the cleaner > Analyze > Clean (bottom right corner)
    Run Issues > Scan for registry issues > Fix registry issues.


    And run a scan and post the ComboFix log
     